Re: RFC: A security-base package for Debian

[Craig Sanders <cas@taz.net.au>]

On Wed, Jul 14, 1999 at 09:08:01AM +0200, Christian Hammers wrote:
> After taking over the packaging of the snort portscan detector I
> discussed with some other maintainers about a creation of a Debian
> security-base package that should be a package with the following
> benefits:

sounds like a great idea.

> 1. Includes many network security related documents, all in some 
>    categories and maybe converted to text and/or html (we must see) and
>    some short description to read them in a convinient way.
> 
> 2. The package has dependencies to all security related programs like
>    port scan detectors, fakebo, tcpdump, nmap etc pp.

doc packages should NEVER depend on binaries.  Suggests: is OK, but
Depends: makes it impossible to read the docs without installing the
binaries. evil!

this is especially evil considering some sysadmins will want to read
the security documents but not want to install programs like tcpdump on
their machines.

you could have two packages. the first being "security-documents", and
the second being a virtual package "debian-security" which depends or
suggests security-documents and all of the relevant security tools.

(recommends is evil because dselect won't take no for an answer)

craig

--
craig sanders